Docker Community Forums

CoreOS unable to pull from docker.io


(Thefuzz4) #1

Issue Type: Network Connectivity

OS: NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1465.8.0
VERSION_ID=1465.8.0
BUILD_ID=2017-09-20-2237
PRETTY_NAME="Container Linux by CoreOS 1465.8.0 (Ladybug)"
ANSI_COLOR="38;5;75"
HOME_URL="coreos URL
BUG_REPORT_URL="bug report URL
COREOS_BOARD="amd64-usr"

App Version: N/A

Steps to reproduce:
Install CoreOS from VMware Template file
Create cloud-config.yml file
Pull any image from docker.io

So I just built out my first CoreOS VM here at home for something to learn and mess with. I can curl any URL I want all day long except for docker.io. I can curl it from any other machine I want, just not this CoreOS box.

When attempting to access docker.io with a pull command for an image, I get:

Oct 03 16:11:09 deadpool02 env[873]: time="2017-10-03T16:11:09.908262406Z" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
Oct 03 16:11:09 deadpool02 env[873]: time="2017-10-03T16:11:09.908422727Z" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
Oct 03 16:11:39 deadpool02 env[873]: time="2017-10-03T16:11:39.909736886Z" level=error msg="Not continuing with pull after error: Network timed out while trying to connect to https://index.docker.io/v1/repositories/linuxserver/ombi/images. You may want to check your internet connection or if you are behind a proxy."

I am not behind a proxy on this VLAN, and I have a CentOS machine running Docker on this same VLAN that can pull images just fine.

I can curl https://www.google.com without an issue, but it just times out with docker.io.

Here is the iptables for the box

deadpool02 jhamilto # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request state NEW,RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Nothing really exciting in there.

Here is my cloud-config.yml file

#cloud-config
hostname: deadpool02

write_files:
    - path: /etc/systemd/network/static.network
      permissions: 0644
      content: |
        [Match]
        Name=ens192

        [Network]
        Address=192.168.9.43
        Gateway=192.168.9.1
        DNS=192.168.9.1
    - path: /etc/iptables.rules
      permissions: 0644
      content: |
        *filter
        :INPUT DROP [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [76:7696]
        -A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 22 -j ACCEPT
        -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        -A INPUT -i lo -j ACCEPT
        -A INPUT -p icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
        -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
        COMMIT


users: 
  - name: "core"
    passwd: "PASSWORD"
    groups:
     - sudo
     - docker

coreos:
    units:
        - name: systemd-networkd.service
          command: start
        - name: iptables.service
          command: start
          content: |
            [Unit]
            Description=iptables
            Author=Me
            After=systemd-networkd.service

            [Service]
            Type=oneshot
            ExecStart=/usr/sbin/iptables-restore /etc/iptables.rules
            ExecReload=/usr/sbin/iptables-restore /etc/iptables.rules
            ExecStop=/usr/sbin/iptables-restore /etc/iptables.rules

            [Install]
            WantedBy=multi-user.target

This whole thing just has me completely baffled. I’ve checked my firewall logs, and they show that the connections are going through just fine. I’m using my firewall’s DNS, so it’s all internal.

Thank you all for your help and I apologize if this is posted in the wrong section.


(Thefuzz4) #2

This was user error on my part. My pfBlockerNG was blocking access to AWS.
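
The cause given in #2 (an upstream IP blocklist dropping traffic to the registry's addresses) can be checked by taking the hosts that dockerd reports as timed out and comparing the addresses they resolve to against the firewall's blocked ranges. This is an added example, not part of the original posts: the function names are hypothetical, and `RESOLVED` and `BLOCKLIST` are constructed sample data that in practice would come from DNS lookups on the affected host and from the firewall's blocklist export.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r'https?://[^\s"]+')
TIMEOUT_MARKERS = ("Client.Timeout exceeded", "Network timed out")

# dockerd journal lines from the post, trimmed to the level/msg fields.
JOURNAL = [
    'level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"',
    'level=error msg="Not continuing with pull after error: Network timed out while trying to connect to https://index.docker.io/v1/repositories/linuxserver/ombi/images. You may want to check your internet connection or if you are behind a proxy."',
]
# Constructed sample data: documentation address ranges, not real registry IPs.
RESOLVED = {
    "registry-1.docker.io": ["203.0.113.10", "203.0.113.77"],
    "index.docker.io": ["198.51.100.5"],
    "www.google.com": ["192.0.2.20"],
}
BLOCKLIST = ["203.0.113.0/24", "198.51.100.0/25"]  # constructed firewall export


def timed_out_hosts(journal_lines):
    """Return, in order of appearance, the hosts dockerd reported a timeout for."""
    hosts = []
    for line in journal_lines:
        if not any(marker in line for marker in TIMEOUT_MARKERS):
            continue
        for url in URL_RE.findall(line):
            # dockerd appends ':' or '.' after the URL inside the message text.
            host = urlsplit(url.rstrip(":.")).hostname
            if host and host not in hosts:
                hosts.append(host)
    return hosts


def diagnose(journal_lines, resolved, blocklist_cidrs):
    """For each timed-out host, list (address, blocking CIDR) pairs.

    An empty list means no resolved address is in a blocked range,
    so the drop is happening somewhere else.
    """
    nets = [ipaddress.ip_network(cidr) for cidr in blocklist_cidrs]
    report = {}
    for host in timed_out_hosts(journal_lines):
        report[host] = [(addr, str(net)) for addr in resolved.get(host, [])
                        for net in nets if ipaddress.ip_address(addr) in net]
    return report


if __name__ == "__main__":
    for host, hits in diagnose(JOURNAL, RESOLVED, BLOCKLIST).items():
        print(host, "->", hits or "not covered by blocklist")
```

A host that times out while every other site works, and whose addresses all fall inside a blocked range, points at the blocklist rather than at the host's own iptables rules or DNS.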